[原创]再发个crackme08040101-大家帮忙试下-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

被ccfer一语道破。
就是bool代数做的繁华，从vmprotect那里学来的，抄袭了一点。vmprotect用的是"或非门"，我这里用的基本单元是"与或非门"，它们都同"与非门"一样，可是实现所有逻辑功能。
里面主要通过"与或非门"实现的是“四位同比较器”和“位同比较器”，本以为强度足够，没想到这么快被搞定，早知应把"半加器","全加器"用上，拖延点时间。
看来组合逻辑不管用，下次得做个时序逻辑的。呵呵。
只把主要函数列出，请ccfer,forgot帮忙指点。

1 2	`与或非门` `Z=!(A!B+C!D)`

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

bool chkregcode(unsigned char *pnamevalue,unsigned char *pregcodevalue,unsigned char *pkey)
{
    unsigned char namevalue[8];
    unsigned char regcodevalue[8];
    unsigned char keyvalue[8];
    unsigned char tmpa[4];
    unsigned char tmpb[4];
    unsigned char tmpc[4];
    int tmpi;
    for(tmpi=0;tmpi<8;tmpi++,pnamevalue++,pregcodevalue++,pkey++)
    {
        namevalue[tmpi]=*pnamevalue;
        regcodevalue[tmpi]=*pregcodevalue;
        keyvalue[tmpi]=*pkey;
    }
    for(tmpi=0;tmpi<4;tmpi++)
    {
        tmpa[tmpi]=vm_xor(namevalue[tmpi],keyvalue[tmpi]);
        tmpb[tmpi]=regcodevalue[tmpi];
    }
    tmpc[0]=vm_same4(tmpa,tmpb);
    for(tmpi=0;tmpi<4;tmpi++)
    {
        tmpa[tmpi]=vm_xor(namevalue[tmpi+4],keyvalue[tmpi+4]);
        tmpb[tmpi]=regcodevalue[tmpi+4];
    }
    tmpc[1]=vm_same4(tmpa,tmpb);
    tmpc[2]=vm_same1(tmpc[0],tmpc[1]);
    tmpc[3]=vm_same1(tmpc[1],0xff);
    return (tmpc[3]==0xff&&tmpc[2]==0xff);
}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

unsigned char vm_nop1(unsigned char a0)
{
    unsigned char tmpc1;
    unsigned char tmpc2;
    tmpc1=a0;
    tmpc2=a0^0xff;
    tmpc1=tmpc1|tmpc2;
    tmpc2=tmpc2^0xff;
    tmpc2=tmpc1&tmpc2;
    return tmpc2;
}
//深1层vm
//nor
unsigned char vm1_nor(unsigned char a0,unsigned char b0)
{
    unsigned char tmpc1;
    tmpc1=a0|b0;
    tmpc1=tmpc1^0xff;
    return tmpc1;
}
unsigned char vm1_not(unsigned char a0)
{
    return vm1_nor(a0,a0&vm_nop1(a0));
}
//循环移
int vm_ror_int(int value,int count)
{
    count=count%32;
    return (value>>count)|(value<<(32-count));
}
unsigned char vm_ror_B(unsigned char value,int count)
{
    count=count%8;
    return (value>>count)|(value<<(8-count));
}
 
//与或非
unsigned char vm_nao(unsigned char a0,unsigned char b0,unsigned char c0,unsigned char d0)
{
    unsigned char tmpc0,tmpc1,tmpc2,tmpc3;
    //garbage start swap c0,a0//b0,d0
    tmpc0=c0;
    c0=vm_nop1(a0);
    a0=vm_nop1(tmpc0);
    tmpc0=d0;
    d0=vm_nop1(b0);
    b0=vm_nop1(tmpc0);
    //garbage end
    tmpc1=b0^0xff;
    tmpc1=a0&tmpc1;
    tmpc2=c0&(d0^0xff);
    tmpc3=(tmpc1|tmpc2)^0xff;
    return tmpc3;
}
//非 not=!(a0*!a0+a0*!a0)
unsigned char vm_not(unsigned char a0)
{
    return vm_nao(a0,a0^0xff,a0,a0^0xff);
}
//或
unsigned char vm_or(unsigned char a0,unsigned char b0)
{
    return vm_nao(0xa5,0xa5,a0^0xff,b0);
}
//与
unsigned char vm_and(unsigned char a0,unsigned char b0)
{
    return vm_nao(0xff,a0,0xff,b0);
}
//与非
unsigned char vm_nand(unsigned char a0,unsigned char b0)
{
    return vm_not(vm_and(a0,b0));
}
//或非
unsigned char vm_nor(unsigned char a0,unsigned char b0)
{
    return vm_not(vm_or(a0,b0));
}
//异或
unsigned char vm_xor(unsigned char a0,unsigned char b0)
{
    return vm_not(vm_nao(a0,b0,vm_not(a0),vm_not(b0)));
}
//同或
unsigned char vm_nxor(unsigned char a0,unsigned char b0)
{
    return vm_not(vm_nao(a0,b0^0xff,a0^0xff,b0));
}
//四字节同比较器
unsigned char vm_same4(unsigned char a0[4],unsigned char b0[4])
{
    unsigned char tmpc[4];
    unsigned char tmpc0,tmpa0,tmpb0;
    int tmpi;
    for(tmpi=0;tmpi<4;tmpi++)
    {
        tmpc[tmpi]=vm_xor(a0[tmpi],b0[tmpi]);
    }
    tmpa0=vm_or(tmpc[0],tmpc[1]);
    tmpb0=vm_or(tmpc[2],tmpc[3]);
    //garbage start
    tmpc0=tmpb0;
    tmpb0=vm_not(vm_not(vm_or(tmpa0,tmpa0)));
    tmpa0=vm_and(tmpc0,tmpc0);
    //garbage end
    return vm_nor(tmpa0,tmpb0);
}
//单字节同比较器
unsigned char vm_same1(unsigned char a0,unsigned char b0)
{
    unsigned char tmpc;
    unsigned char tmpc1;
    //garbage start
    tmpc=b0;
    b0=vm_not(vm_not(vm_or(a0,a0)));
    a0=vm_and(tmpc,tmpc);
    //garbage end
    tmpc1=vm_xor(a0,b0);
    return vm_not(tmpc1);
}